09-14-2022 02:48 AM - edited 09-14-2022 02:53 AM
Goal
To configure AppQoE TCP and DRE optimization feature on Catalyst 8000 Edge platform family with IOS XE SD-WAN for enhanced Application Quality of Experience.
Benefits
Prerequisites:
Documentation
This configuration example is meant to be interpreted with the aid of the official documentation from the configuration guide located here:
TCP Optimization - Cisco SD-WAN AppQoE Configuration Guide, Cisco IOS XE Release 17.x - TCP Optimization [Cisco SD-WAN] - Cisco
External Service Nodes Configuration - Cisco SD-WAN AppQoE Configuration Guide, Cisco IOS XE Release 17.x - External Service Nodes for AppQoE Services [Cisco SD-WAN] - Cisco
DRE Configuration - Cisco SD-WAN AppQoE Configuration Guide, Cisco IOS XE Release 17.x - Traffic Optimization with DRE [Cisco SD-WAN] - Cisco
HTTP Connect - Cisco SD-WAN AppQoE Configuration Guide, Cisco IOS XE Release 17.x - HTTP Connect [Cisco SD-WAN] - Cisco
Supported Platforms:
Note:
Platforms requirs specific resources CPU/RAM/Disk to support AppQoE.
Please check this link for more details - Cisco SD-WAN AppQoE Configuration Guide, Cisco IOS XE Release 17.x - Traffic Optimization with DRE [Cisco SD-WAN] - Cisco
Topology
Below topology will be used for the step-by-step configuration example. This uses an integrated service node deployment use case for both the SD-WAN WAN edge devices.
Step-by-Step Configuration
1. Create AppQoE Feature Templates for TCP and DRE Optimization
1.1 Create an AppQoE feature template for C8200-1N-4T
1.1.1 From the Cisco vManage menu, navigate to Configuration >Templates
1.1.2 Click Feature
1.1.3 Select Add Template
1.1.4 In the search bar enter the PID C8200-1N-4T
1.1.5 Select C8200-1N-4T
1.1.6 On the right-hand side of the page, scroll down to the subsection Other Templates, select AppQoE
1.1.7 Enter the following details:
Template Name: C8200-AppQoE-Template
Description: C8200-AppQoE-Template
1.1.8 Within the Controller heading, click on the checkbox to Enable the Integrated Service Node option
1.1.9 Enable DRE optimization by clicking on the toggle switch
1.1.10 Click Save at the bottom of the page
Note: Integrated Service Node deployment refers to a deployment where both Service Controller and Service Node functions are deployed on the same WAN edge. As an integrated service node deployment, vManage automatically assigns IP addresses to the router’s controller and service node making each function locally significant.
1.1.11 Once the template page loads, search for AppQoE in the search bar and verify that the template for the
C8200-1N-4T is present
1.2 Repeat the steps from 1.1.1 to 1.1.11 to create the AppQoE Feature Template for C8300-2N2S-4T2X
2. Attaching AppQoE Feature Template to Device
2.1 Follow the below steps to attach AppQoE template to C8200-1N-4T
2.1.1 From the Cisco vManage menu, choose Configuration > Templates
2.1.2 At the top of the page, click Device
2.1.3 From the device template page, search C8200-1N-4T in the search box. Using the actions button on the left-hand side click Edit.
2.1.4 Select the heading Additional Templates. Scroll down and under the AppQoE drop-down list, choose the newly created AppQoE template for C8200-1N-4T [C8200-AppQoE-Template]
2.1.5 Click Update
2.1.6 Click Next
2.1.7 Click Configure Devices
After some time, you will see a validation message stating that the device template has successfully been attached to the C8200-1N-4T. This step will download the DRE container image to the device and install it, so it might take few minutes to complete. If the DRE container image is not uploaded to vManage software repository then this step will fail.
2.2 Repeat the steps from 2.1.1 to 2.1.7 to attach AppQoE template to C8300-2N2S-4T2X
3. Configure Traffic Interception Rules for AppQoE
Centralized policies refer to policies that are provisioned on Cisco vSmart Controllers, which are the centralized controllers in the Cisco SD-WAN overlay network. A centralized control policy applies to the network-wide routing of traffic by affecting the information that is stored in the Cisco vSmart Controller's route table and that is advertised to the Cisco SD-WAN Edge devices.
3.1 Define sequence rule for Ubuntu host connected to C8200-1N-4T
3.1.1 From the Cisco vManage menu, navigate to Configuration > Policies
3.1.2 From the top right, select the Custom Options drop down menu and select Traffic Policy
3.1.3 Click the heading Traffic Data
3.1.4 Click Add Policy drop-down, Select Create New
3.1.5 Define the data policy that will be pushed to both the C8200-1N-4T and C8300-2N2S-4T2X-01 routers. Enter the following details:
Name: AppQoE-Policy
Description: AppQoE-Policy
3.1.6 On the left pane, click Sequence Type. The Add Data Policy popup opens
3.1.7 Select the Custom option for the data policy
3.1.8 Define sequence rule for Ubuntu host connected to C8200-1N-4T
3.1.9 In the right pane, Click Sequence Rule
3.1.10 When the Match/Action box opens, select from the available match conditions to intercept traffic data. For this policy we will be intercepting traffic from a specified source prefix
3.1.11 In the Match [1] conditions, click Source Data Prefix [2] from the selection bar. This specifies the prefixes that we wish to define to match the traffic
3.1.12 Under Match Conditions [3] Enter the IP Prefix [4] of the incoming traffic, for e.g., in my lab it is 10.1.10.0/24 for Ubuntu host connected to C8200-1N-4T
3.1.13 From the Action [1] conditions heading click Accept [2]
3.1.14 In the AppQoE Optimization [3] subheading enable both TCP Optimization and DRE Optimization [4]
3.1.15 Click Save Match and Actions [5] at the bottom right of the page
3.1.16 Define sequence rule for Ubuntu host connected to C8300-2N2S-4T2X
3.1.17 In the right pane, Click Sequence Rule
3.1.18 When the Match/Action box opens, select from the available match conditions to intercept traffic data. For this policy we will be intercepting traffic from a specified source prefix
3.1.19 In the Match [1] conditions, click Source Data Prefix [2] from the selection bar. This specifies the prefixes that we wish to define to match the traffic
3.1.20 Under Match Conditions [3] Enter the IP Prefix of the incoming traffic 10.1.30.0/25
3.1.21 From the Action conditions heading click Accept [1]
3.1.22 In the AppQoE Optimization [3] subheading enable both TCP Optimization and DRE Optimization [4]
3.1.23 Click Save Match and Actions [5] at the bottom right of the page
3.1.24 Apply Default Action
Once both policies are created for the two defined source data prefixes, all other incoming traffic must have a default action applied. By default, all traffic is set to be dropped if no match occurs for data packets. We will change the default action to accept all incoming traffic.
3.1.25 From the left navigation pane, Click Default Action [1] and select the Edit [2] option to the far right.
3.1.26 Select the Accept [1] option at the top of the page
3.1.27 Click Save Match and Actions [2]
3.1.28 Click Save Data Policy at the bottom of the page
4. Configure Centralized Data Policies
4.1 Apply Policy to Site IDs
Site IDs represent the identification given to a site for which the device is provisioned. Policies must be associated with specified Sites and VPNs in the network. This is done by defining a specific Site ID and VPN to attach the policy to.
4.1.1 From the Cisco vManage menu, navigate to Configuration > Policies
4.1.2 Select Add Policy
4.1.3 From the left navigation pane select Site, Click New Site List and enter the following:
Site List Name: AppQoE-Sites
Within the Add Site field enter the appropriate Site ID for both C8200- 1N-4T and C8300-2N2S-4TX.
4.1.4 Click Add
4.1.5 Within the Add Policy page select VPN [1] from the left navigation menu
4.1.6 Select New VPN List [2]
4.1.7 Specify VPN List Name and ID [3]:
Name: AppQoE-VPN
Add VPN: 1 (Service VPN in my lab)
4.1.8 Click Add [4]
4.1.9 Click Next
4.1.10 Within Configure Topology and VPN Membership page, Click Next
4.1.11 Within the Configure Traffic Rules [1] page, select Traffic Data [2] > Add Policy [3] > Import Existing [4]
4.1.12 Within the policy drop-down list, select AppQoE-Policy
4.1.13 Select Import
4.1.14 Click Next
4.1.15 Within the page Apply Policies to Sites and VPNs [1] fill in the required policy parameters using the following details [2]:
Policy Name: AppQoE-Policy
Policy Description: AppQoE-Policy
4.1.16 Select the heading titled Traffic Data [1] to attach the Site List and VPN List previously configured.
4.1.17 Click New Site List and VPN List [2]
4.1.18 Enable the All [3] option to specify the direction for applying the policy
4.1.19 From the Select Site List drop-down choose AppQoE-Sites
4.1.20 From the Select VPN List drop-down, select AppQoE-VPN
4.1.21 Click Add
4.1.22 Click Save Policy at the bottom of the page
Once the policy is saved you will be directed back to the Centralized Policy page where you will be able to see the newly created policy.
4.1.23 Click on Activate the policy to push the policy to the devices.
This concludes the configuration of AppQoE TCP and DRE optimization features for Catalyst 8000 Edge platforms. Once the policy is pushed to the device, the incoming traffic matching the configured traffic policy will be sent to TCP & DRE for optimization.
Verification
-
-
-
How to test TCP Optimization and DRE?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: